Date:      Mon, 9 Sep 2002 23:06:16 -0500
From:      "Charles Pelletier" <fozekizer@attbi.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: One way cable modem/ipfilter
Message-ID:  <002e01c2587f$693dbda0$32040101@hume>
References:  <20020909173539.6DEE09377F@server2.fastmail.fm>

Yeah, it can; you just have to use IPNAT instead.
Just add that and IPFILTER and IPDIVERT to your kernel and recompile for
starters, if you haven't already, then let these guys tell you precisely what
needs to be done.

options IPDIVERT
options IPFILTER
options IPFILTER_LOG  #logging support, read with ipmon(8)


--charlie pelletier
--litmus(mp3.com/litmus)
----- Original Message -----
From: "Cherie Powell" <cpowell1@mindspring.com>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Monday, September 09, 2002 12:35 PM
Subject: One way cable modem/ipfilter


> I have a FreeBSD 4.4-STABLE machine in my home set up as a firewall
> using ipfilter. I recently moved and my internet access went from a T1
> line to a one way cable modem. (With this setup, traffic goes out
> through the modem on tun0 and in through the cable modem on vx0.)
> Setting this up has been an interesting challenge.
>
> I first set up PPP using a standard dial-up account and got the network
> working with it. With this setup, I can access the internet both from
> the firewall and from machines behind the firewall (on xl0).
>
> Next, I tried with the cable modem. Using it, I can access the internet
> from the firewall, but not from machines behind the firewall. If I run
> tcpdump on the firewall and ping a site from one of the other
> computers, I can see that packets are going out on tun0 and coming back
> on vx0, as they are supposed to. My guess is that the system can't
> figure out where to send them from there.
>
> The end result needs to be that the workstation sends a packet to the
> firewall, which sends it out on tun0. The firewall should receive the
> reply through vx0 and forward that packet back to the workstation that
> originally sent the request. All of it seems to be working except for
> that very last part.
>
> If it helps, the one instance I found of someone having this same
> problem finally corrected it by putting this line in /etc/rc.firewall:
> /sbin/ipfw add divert natd all from any to any via any
>
> I'm hoping that this could be applied to my situation using ipfilter...
>
> Anyone have any ideas? Please speak slowly - I'm still kind of new
> at this. :-)
>
> Thanks, Cherie
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>


